Redwax Tool

The universal certificate conversion tool.

Read certificates and keys from your chosen sources, filter the certificates and keys you're interested in, write those certificates and keys to the destinations of your choice.

Read In

Read PEM encoded certificates, keys, and crls.

Filter

Passthrough all certificates and keys, search for a given certificate along with related intermediate certificates and keys, or verify certificates for validity to a key and a trust chain.

Write Out

Write certificates and keys as PEM encoded files, to an NSS certificate database, to a PKCS12 file, or to a PKCS11 URL.

Examples

Try some of these out.

PEM to PKCS12

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to a PKCS12 file.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough  --cert-out --chain-out --key-out --pkcs12-out cert.p12
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
pkcs12-out: certificate: CN=redwax.eu
pkcs12-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs12-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pkcs12-out: private key
Enter PKCS12 export passphrase for cert.p12:
Verifying - Enter PKCS12 export passphrase for cert.p12:
                    

PEM to NSS

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to an NSS certificate database.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough  --cert-out --chain-out --key-out --nss-out /etc/dirsrv/slapd-chestnut/
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
nss-out: private key
Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
Verifying - Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
nss-out: certificate: CN=redwax.eu
nss-out: intermediate: CN=R3,O=Let's Encrypt,C=US
nss-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
                    

PEM to PKCS11

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to a smartcard accessible via a PKCS11 interface.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough  --cert-out --chain-out --key-out --pkcs11-module-out /usr/lib64/pkcs11/libsofthsm2.so --pkcs11-out "pkcs11:token=My%20Test%20Token"
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
Enter user PIN for My Test Token: 
pkcs11-out: key
pkcs11-out: certificate: CN=redwax.eu
pkcs11-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs11-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
                    

All Together Now

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key, to a PKCS12 file, an NSS database, and to a smartcard accessible via a PKCS11 interface.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough  --cert-out --chain-out --key-out --pkcs12-out cert.p12 --nss-out /etc/dirsrv/slapd-chestnut/ --pkcs11-module-out /usr/lib64/pkcs11/libsofthsm2.so --pkcs11-out "pkcs11:token=My%20Test%20Token"
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
pkcs12-out: certificate: CN=redwax.eu
pkcs12-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs12-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pkcs12-out: private key
Enter PKCS12 export passphrase for cert.p12:
Verifying - Enter PKCS12 export passphrase for cert.p12:
Enter user PIN for My Test Token: 
pkcs11-out: key
pkcs11-out: certificate: CN=redwax.eu
pkcs11-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs11-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
nss-out: private key
Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
nss-out: certificate: CN=redwax.eu
nss-out: intermediate: CN=R3,O=Let's Encrypt,C=US
nss-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
                    

Downloads

Use the source, Luke.

latest

Releases will be available here soon. In the mean time, check out the code below.

Getting Involved

Get the code. Ask questions. Track issues.

Source Control

The source code for the Redwax Tool is stored in Bitbucket and mirrored as an SVN repository.

  • Bitbucket: Browse the source code and submit pull requests using git.
  • Subversion: The repository of record is available using subversion.

Issue Tracking

  • Jira: Track issues in the Redwax Tool project.

Mailing Lists

The following mailing lists are available.

Security Issues

Use the following address for contacting us to report security issues with the Redwax Tool.